Congruence Modulo Operation: Question: What is 12 mod 9? Answer: 12 mod 9 3 or 12 3 (mod 9) ( ) Number Theory for Cryptography “12 is congruent to 3 modulo 9” Definition: Let a , r , m (where is the set of all Definition: Let a , r , m (where is the set of all integers) and m 0. We write 密碼學與應用 a r (mod m ) if m divides a a r (mod m ) if m divides a – r (i e m | a-r ) r (i.e. m | a r ) 海洋大學資訊工程系 m is called the modulus r is called the remainder r is called the remainder 丁培毅 丁培毅 0 r < m a = q ꞏ m + r Example: a = 42 and m= 9 Example: a = 42 and m= 9 42 = 4 ꞏ 9 + 6 therefore 42 6 (mod 9) 2 Greatest Common Divisor G t t C Di i Greatest Common Divisor (cont’d) G t t C Di i ( t’d) GCD of a and b is the largest positive integer GCD of a and b is the largest positive integer Euclidean Algorithm: calculating GCD dividing both a and b gcd(a, b) or (a,b) d( b) ( b) gcd(1180, 482) ( 輾轉相除法 ) ex. gcd(6, 4) = 2, gcd(5, 7) = 1 g ( , ) , g ( , ) 2 482 1180 2 432 964 Euclidean algorithm remainder divisor dividend ignore 3 50 216 4 ex gcd(482 ex. gcd(482 482, 1180 482 1180 1180) 1180) 48 48 200 200 Why does it work? Why does it work? 2 2 16 8 Let d = gcd(482, 1180) 1180 1180 = 2 ꞏ 482 482 + 216 16 d | 482 and d | 1180 d | 216 482 = 2 ꞏ 216 + 50 482 = 2 ꞏ 216 + 50 0 because 216 = 1180 - 2 ꞏ 482 216 = 4 ꞏ 50 + 16 d | 216 and d | 482 d | 50 50 = 3 ꞏ 16 + 2 2 50 3 16 2 d | 50 and d | 216 d | 16 | | | 2 d | 16 and d | 50 d | 2 16 = 8 ꞏ 2 + 0 gcd 2 | 16 d = 2 3 4
Greatest Common Divisor (cont’d) G t t C Di i ( t’d) Extended Euclidean Algorithm E t d d E lid Al ith Def: a and b are relatively prime: gcd(a, b) = 1 Let gcd(a, b) = d g ( , ) Looking for s and t, gcd(s, t) = 1 s.t. a ꞏ s + b ꞏ t = d Theorem: Let a and b be two integers, with at least one When d = 1 t b -1 (mod a) When d 1, t b of a, b nonzero, and let d gcd(a,b). Then there exist of a, b nonzero, and let d = gcd(a,b). Then there exist (mod a) integers x, y, gcd(x, y) = 1 such that a ꞏ x + b ꞏ y = d 1180 1180 = 2 ꞏ 482 482 + 216 Ex. 1180 1180 - 2 ꞏ 482 = 216 a = q 1 ꞏ b + r 1 a q 1 b + r 1 Constructive proof: Using Extended Euclidean Algorithm to Constructive proof: Using Extended Euclidean Algorithm to 482 = 2 ꞏ 216 + 50 find x and y 482 - 2 ꞏ (1180 - 2 ꞏ 482) = 50 b = q 2 ꞏ r 1 + r 2 q 2 -2 ꞏ 1180 + 5 ꞏ 482 = 50 2 1180 5 482 50 1 2 216 = 4 ꞏ 50 + 16 r 1 = q 3 ꞏ r 2 + r 3 (1180 - 2 ꞏ 482) - d = 2 d = 2 = 50 - 3 ꞏ 16 216 = 1180 1180 - 2 ꞏ 482 482 4 (-2 1180 + 5 482) = 16 4 ꞏ (-2 ꞏ 1180 + 5 ꞏ 482) = 16 50 = 482 - 2 ꞏ 216 = (482 - 2 ꞏ 216) - 3 ꞏ (216 - 4 ꞏ 50) 9 ꞏ 1180 - 22 ꞏ 482 = 16 r 2 = q 4 ꞏ r 3 + d 50 = 3 ꞏ 16 + 2 16 = 216 - 4 ꞏ 50 = • • • • = 1180 1180 ꞏ (-29) + 482 ( ) 482 ꞏ 71 ( 2 (-2 ꞏ 1180 + 5 ꞏ 482) - 1180 + 5 482) a x b y 3 ꞏ (9 ꞏ 1180 - 22 ꞏ 482) = 2 r 3 = q 5 ꞏ d + 0 -29 ꞏ 1180 + 71 ꞏ 482 = 2 5 6 Greatest Common Divisor (cont’d) G t t C Di i ( t’d) Greatest Common Divisor (cont’d) G t t C Di i ( t’d) The above proves only the existence of integers x and y Lemma : gcd(a,b) = gcd(x,y) = gcd(a,y) = gcd(x,b) = 1 L d( b) d( ) d( ) d( b) 1 Z How about gcd(x, y)? a, b, x, y s.t. 1 = a x + b y d a x + b y d = a ꞏ x + b ꞏ y pf: 1 = a/d ꞏ x + b/d ꞏ y d = gcd(a, b) ( ) following the previous theorem ) ( g p If gcd(x y) = r r 1 then If gcd(x, y) = r , r 1 then r | x and r | y r | a/d ꞏ x + b/d ꞏ y ( ) let d = gcd(a b) d 1 ( ) let d = gcd(a, b), d 1 which means that r | 1 i.e. r = 1 d | a and d | b gcd(x, y) = 1 ¶ ¶ d | a x + b y = 1 Note: gcd(x, y) = 1 but (x, y) is not unique d = 1 e.g. d = a x + b y = a (x-kꞏb) + b (y+kꞏa) d + b ( k b) + b ( +k ) similarly, gcd(a, y)=1, gcd(x, b)=1, and gcd(x, y)=1 when k increases, x-kꞏb decreases and become negative 7 8
O Operations under mod n ti d d O Operations under mod n ti d d What is the multiplicative inverse of a (mod n)? What is the multiplicative inverse of a (mod n)? T Proposition: i.e. a ꞏ a -1 1 (mod n) or a ꞏ a -1 = 1 + k ꞏ n Let a,b,c,d,n be integers with n 0, suppose , , , , g , pp gcd(a, n) = 1 s and t such that a ꞏ s + n ꞏ t = 1 a b (mod n) and c d (mod n) then a -1 s (mod n) Extended Euclidean Algo. a + c b + d (mod n) ( ) This expression also p implies gcd(a,n)=1. pf. a = k 1 n + b a - c b - d (mod n) a ꞏ x b (mod n), gcd(a, n) = 1, x ? c = k 2 n + d a ꞏ c b ꞏ d (mod n) ) a c b d (mod n) ) x b ꞏ a 1 b ꞏ s (mod n) -1 b b ( d ) (a+c) = (k 1 +k 2 ) n + (b+d) Are there any solutions? a ꞏ x b (mod n), gcd(a, n) = d 1, x ? a+c b+d (mod n) Proposition: Proposition: (a/d) ꞏ x (b/d) (mod n/d) gcd(a/d,n/d) = 1 if d | b Let a,b,c,n be integers with n 0 and gcd(a,n) =1. x 0 (b/d) ꞏ (a/d) -1 (mod n/d) If a b a c (mod n) then b c (mod n) If a ꞏ b a ꞏ c (mod n) then b c (mod n) there are d solutions to the equation a ꞏ x b (mod n): x 0 , x 0 +(n/d) , ... , x 0 +(d-1)ꞏ(n/d) (mod n) 9 10 M t i i Matrix inversion under mod n i d d Group A group G is a finite or infinite set of elements and a A group G is a finite or infinite set of elements and a A square matrix is invertible mod n if and only if A square matrix is invertible mod n if and only if binary operation which together satisfy its determinant and n are relatively prime 1. Closure: a,b G a b G a b = c G 封閉性 a b = c G 1 Closure: 封閉性 ex: in real field R -1 2. Associativity: a,b,c G (a b) c = a (b c) 結合性 1 a b d -b 3. Identity: a G a 1 a = a 1 = a 單位元素 1 a a 1 3 Identit : G a 單位元素 = ad - bc a a -1 = 1 = a -1 a 反元素 c d -c a 4. Inverse: a G Abelian group 交換群 b li a,b G a b = b a 交換群 In a finite field Z (mod n)? we need to find the inverse means g g g … g for ad-bc (mod n) in order to calculate the inverse of the ( ) Cyclic group G of order m: a group defined by an Cyclic group G of order m: a group defined by an -1 matrix element g G such that g, g 2 , g 3 , …. g m are all distinct a b d -b (ad – bc) -1 (mod n) elements in G (thus cover all elements of G) and g m = 1 elements in G (thus cover all elements of G) and g = 1, c d d -c a * the element g is called a generator of G. Ex: Z n (or Z/nZ) 11 12
Recommend
More recommend
